The Basics of Web Security


Security on the Internet is a very important, complicated topic. Because this is not an Internet book, you won't find much detail in this section. But there are really only three things you need to know.

If you are visiting a site and don't see the lock or https in the URL, don't provide any data you don't want someone else to see, such as credit card information, your Social Security number, and so on. In fact, this is a general principle you should follow while you are on the Net. Unless you are sure the service you are using is secure, don't provide any information you don't want transmitted to the world.

This sounds pretty dramatic, and it is a bit overstated. I believe the chances of anyone intercepting any particular data on the Net are pretty small, but if the potential loss is great, even that small risk can be too much. It's up to you to choose how much risk you want to assume.

Fortunately, you can provide data via a secure connection to sites running the proper server software. A secure connection is one in which the data transmitted is scrambled, encrypted, or both. This data might still be intercepted, but the person intercepting it won't be able to do anything with it. Only the server receiving the data will be able to decode and unscramble it. Although this system isn't perfect, it's about as close to perfect as you'll get. After all, the only way to be perfectly safe is to never do anything at all.

How can you tell whether you are using a secure connection? Look for the lock icon in the upper-right corner of the Safari window. If it is there, you are using a secure connection. You can also tell by looking at the URL. If it begins with https instead of just http, you are visiting a secure location.

You can usually find secure sites in places where you have the opportunity to buy things and need to transmit your credit card information to do so. Of course, how you want to deal with sensitive data is up to you. Some people can accept more risk than others. However, here is the guiding principle that I use:

Do not transmit, via an unsecured means, any data for which you can't accept the risk of a third party intercepting that data.

Like me, you might find shopping via the Web extremely convenient, easy, and inexpensive, but I suggest that you transmit credit card data only via secure sites. And always remember: Do not judge what you do on the Net against a perfect world (where there is no chance of your data being misused). Consider the risks you are willing to accept in the non-Net world. For example, you probably think nothing of using your credit card in one of those gas pumps with an integrated card reader. That is certainly no more secure, and might be much less secure (especially if your card number is printed on the paper receipt), than using your credit card on a secure website.

Web browsers have many security features. The details of these are beyond the scope of this book, but you can explore on your own to see whether you need to make changes; the default security capabilities of most browsers work for most people.

Third, some sites provide digital certificates to verify data from that site. When you view a site that uses such a certificate, you see a window that gives you some options. One option is to install the certificate on your machine. When you do so, the certificate is installed in the appropriate directory and your browser can access that certificate as needed. You can also choose to always trust data from the site so you don't see any security warnings during future visits.



Special Edition Using MAC OS X Tiger
ISBN: 0789733919
EAN: 2147483647
Year: 2003
Pages: 317
Authors: Brad Miser
